Submissions - ZeroBOX

Submissions

Date range button:

First seen:

Last seen:

No	Date	Request	Urls	Hosts	IDS	Rule	Score	Zero	VT	Player	Etc
1	2023-12-23 18:31	Rby1.exe e0bc2140d5a10035fb6d3b4e1b46cdfe Emotet NSIS Generic Malware UPX Malicious Library Antivirus Admin Tool (Sysinternals etc ...) Malicious Packer Anti_VM AntiDebug AntiVM PE File PE64 PNG Format PE32 OS Processor Check BMP Format MZP Format ZIP Format JPEG Format CHM Format DLL icon C VirusTotal Malware Buffer PE AutoRuns Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates shortcut Creates executable files RWX flags setting unpack itself Check virtual network interfaces AppData folder malicious URLs AntiVM_Disk suspicious TLD IP Check VM Disk Size Check Tofsee Ransomware Windows ComputerName Firmware DNS	17 Keyword trend analysis Info http://47.236.140.86/s/twty.exe http://91.92.254.7/scripts/plus.php?ip=175.208.134.152&substr=three&s=ab - rule_id: 38706 http://net.geo.opera.com/opera/stable/windows/?utm_medium=apb&utm_source=mkt&utm_campaign=767 http://api.ipify.org/?format=wet http://5.42.64.35/InstallSetup3.exe http://5.42.64.35/syncUpd.exe - rule_id: 38707 https://iplogger.com/1gDcm4 https://iplogger.com/19hVA4 https://randomdomainname.org/2cba948feb9c53fce4409f0079aec61c.exe https://pastebin.com/raw/E0rY26ni - rule_id: 37702 https://net.geo.opera.com/opera/stable/windows/?utm_medium=apb&utm_source=mkt&utm_campaign=767 https://budgienation.net/8c35a460636521ed0deef49f6749c0e3/2cba948feb9c53fce4409f0079aec61c.exe https://flyawayaero.net/baf14778c246e15550645e30ba78ce1c.exe - rule_id: 36783 https://yip.su/RNWPd.exe - rule_id: 37623 https://bitbucket.org/micaorrsoft/update/downloads/a01.exe https://potatogoose.com/8c35a460636521ed0deef49f6749c0e3/baf14778c246e15550645e30ba78ce1c.exe https://bbuseruploads.s3.amazonaws.com/c653674a-68fa-46c6-b413-9e71a0a3be60/downloads/7cc5bf80-2f20-4024-8172-c47af249efe9/a01.exe?response-content-disposition=attachment%3B%20filename%3D%22a01.exe%22&AWSAccessKeyId=ASIA6KOSE3BNLFZPBG6X&Signature=k4eYmK01rl8PGp4sOTTE04lteD0%3D&x-amz-security-token=IQoJb3JpZ2luX2VjELr%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIQDzQD%2B3UL8xV1DvAUP2KA45yti0HItkJ7%2FZj%2BYPZQQy%2BAIgK%2BOaDvdrjmeM3oRZP0OlFI2Pl%2B7GauL9ExmwyykyfrwqpwIIQhAAGgw5ODQ1MjUxMDExNDYiDOob2cJxt3Exs6kaAiqEAh4UYnRFarCTXYvHT0WXfJIgVuJuVvzUOPIbUG1w3nq2Yphc6rTsOhGwJcQzKyRWF%2BFm10oe88IpTj4lNM0gXnjCTwZXQVKi1Uz9JNwgbaaYzUofoIP2CZjnvaRuOYs0d6gOPdtnykb2eWeS2dGifaFBhMq%2BTovxD1l5xXeH3tHvHNOaHU%2F7ARV55Dc9YfRvdX2zOOUhEp62CjCviT3FBfq3tK8eLfJ2mwSddoM%2FvxLRaudgcAE%2FiTTi0RrZN5feEmr54GKsqEohzoLCOWAVpxR0dUkQrUDuJVTdHHFSkuX%2FWnX7mWGXITM985Y282tuaPXm6LdfM5BRgxr0vV3YWCtcSJnXMLjKmqwGOp0B5x1g24OisxHRKZUaNxp9%2BSGjgOsFU3J%2Fbs39LZmb4y%2BP29AtY729%2BALyUGmbQ3ghX9X%2FHvfZiW7jkSIo533BZtqI2LeUKLMZGFRSS862V%2FwPY7aL9mQD2m03u7eiKl8%2BE2Kc5rYFMkJjjg%2BliR6dKkTaba%2FDuj%2FNE2de8W4Y9dFnibQCoicKOX5nhXD%2B3R8dFgBbmLV9RQDHhvlDPg%3D%3D&Expires=1703324736	35 Info www.kaspersky.com(185.85.15.47) flyawayaero.net(104.21.93.225) - malware budgienation.net(104.21.33.167) bitbucket.org(104.192.141.1) - malware malwarebytes.com(192.0.66.233) api.ipify.org(104.237.62.212) bbuseruploads.s3.amazonaws.com(52.217.101.204) - malware zonealarm.com(209.87.209.205) redirector.pm(194.49.94.85) - malware randomdomainname.org(104.21.30.5) pastebin.com(172.67.34.170) - mailcious iplogger.com(172.67.188.178) - mailcious net.geo.opera.com(107.167.110.216) galandskiyher5.com(158.160.130.138) - malware potatogoose.com(172.67.180.173) - malware yip.su(104.21.79.77) - mailcious 104.21.30.5 91.92.254.7 - mailcious 209.87.209.205 158.160.130.138 104.21.33.167 192.0.66.233 107.167.110.211 3.5.28.176 185.85.15.46 104.21.93.225 - phishing 104.21.79.77 - phishing 5.42.64.35 - malware 104.20.68.143 - mailcious 172.67.180.173 - malware 172.67.188.178 - mailcious 104.192.141.1 - mailcious 47.236.140.86 194.49.94.85 - malware 64.185.227.156	12 Info ET INFO External IP Lookup Domain (iplogger .com in DNS lookup) SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee) ET INFO External IP Lookup Domain (iplogger .com in TLS SNI) ET DNS Query for .su TLD (Soviet Union) Often Malware Related ET INFO Executable Download from dotted-quad Host ET POLICY PE EXE or DLL Windows file download HTTP ET INFO Executable Retrieved With Minimal HTTP Headers - Potential Second Stage Download ET HUNTING SUSPICIOUS Dotted Quad Host MZ Response ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup ET POLICY External IP Lookup (ipify .org) ET USER_AGENTS Observed Suspicious UA (NSIS_Inetc (Mozilla)) ET INFO TLS Handshake Failure	5	16.8	M	29	ZeroCERT

First
1
Last
Total : 1cnts